Posts by Barbara Moore

Is it odd ...

... that the 2 ISPs who have considered it perfectly OK to scrape copyrighted content so that they can make money out of tracking their customers and serving targeted ads are the ones to worry about their part in dishing out penalties to those caught infringing copyright?

Maybe they really do believe that if it is on the internet then it is copyright free - and if you don't like that then don't make anything in a digital format.

The end of media earning from advertising?

"Except that there's only so much that advertisers can spend on net advertising. If the pot goes ever broader, perhaps the likes of the New York Times and Guardian might not be able to invest in quality journalism. We'd be stuck with, presumably, a lot of bloggers posting emotive statements."

I do hope that some of the press who were at the meeting are able to do the maths and discover that Phorm will be offering more revenue to Mom and Pop sites and less to media. No wait, a year ago Phorm were saying the Mom & Pop sites would be earning, now they are offering the revenue to the media.

So, which is it?

With current advertising budgets web pages can't fill their advertising real estate with enough adverts to cover the overheads. With advertisers being charged a premium for BTA offerings there will be even fewer adverts to spread around. I recall Phorm claiming that web pages would not need so many ad slots. What they failed to say was that web pages would have to be redesigned to avoid empty white spaces. Is the glass half full or half empty?

It sure sounds like Phorm's cupboard is getting empty.

Nothing to offer the websites whose content is copied to the profiler. HTTPS is a lot cheaper than allowing Phorm to harvest all that commercially sensitive data and divert trade away from commercial websites.

What - no PMS jokes?

As a long time sufferer of PMS can I please ask for more PMS jokes?

You have to have been there, done that, to appreciate just how life threatening PMS can be to sufferers and those around them. On the good days we all need something to help us see past the next set of days when life ends up going upside-down no matter how hard you try to keep it normal and take essential oils and B6, avoid foods containing moulds - and that includes bread, alcohol, fruit, fruit juices and Marmite™.

No matter how careful I was at work, I would still need to spend the next week finding all the stupid mistakes I had made: it was as though my brain had been switched off and I no longer knew how to do even basic things like putting a piece of paper into the correct file.

As for job interviews and exams on the 'wrong days': forget it, no chance.

Those who suffer will do anything to be normal. So please, please, keep us laughing at our own expense. Help us to be normal.

And it does us (PMS sufferers) so much good to know that there are other folks out there who are getting into even worse situations than those that we seem to attract on our 'off' days. Every bit in that article 'could have happened' and for that I give grateful thanks to all who helped put the article together. And to all those who commented above. I have not laughed so much for ages.

@ Graham Wood

"If by "text part" you mean the plain text version of the email, the chances are that those are not the real destinations that you would be sent to."

With many mail programs set to display only text and not the html nor any other attachments to the email, using the false subdomain with the encoded XSS in the URL makes the URL look even more real [I edited the XSS out for that reason]. Nor did I wish to publish anything which could identify me to the phishers.

Spoofed subdomains?

Just a thought.

Lately, the phishing emails I have been seeing have a lot of subdomains like ww9.domain.tld.

I am so innocent about all this that I just took it to be that the malware script had picked up some load balancing on the real domain. Any script that checks URLs for malware will probably hit a 404 error.

But, have the ISP send some junk from these invented URLs and anything could be being injected.

Here are a few [edited] examples from recent phishing mails:

http://www7.abbey.co.uk/servlet?host=

http://obj5.nwolb6.com/customerupdate?poolid=

http://www2.abbey.com.shell54.com/servlet

http://sys6.natwestbusiness2.com/customerupdate?refid=

All the above give me an unknown server response, except for shell54.com which blocks access to root.

The 'real' URLs come from the text part of the phishing mails.

With so many banks using JavaScript and cookies for login forms, the data a little XSS could harvest is frightening. Time for the banks to change their validation model?
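As an added example that is not part of the original post, and not from any tool the poster mentions, the following Node.js script applies the observation behind this post and the earlier reply to Graham Wood: the part of a hostname that decides where a link really goes is the registrable domain, not the bank name that appears to the left of it. It runs over the [edited] links quoted above. The public-suffix list and the list of watched brand names are constructed for the demonstration; a production checker would load the real Public Suffix List instead.

```javascript
// Constructed, minimal public-suffix list for the demonstration (assumption:
// a real checker loads the Public Suffix List).
const PUBLIC_SUFFIXES = new Set(["com", "net", "org", "uk", "co.uk"]);
// Brand names we expect to see impersonated (constructed list).
const WATCHED_BRANDS = ["abbey", "natwest", "nwolb"];

// Return the registrable domain of a hostname: the label just left of the
// longest matching public suffix, so "www2.abbey.com.shell54.com" -> "shell54.com".
function registrableDomain(host) {
  const labels = host.toLowerCase().replace(/\.$/, "").split(".");
  for (let n = labels.length - 1; n >= 1; n--) {
    const suffix = labels.slice(-n).join(".");
    if (PUBLIC_SUFFIXES.has(suffix)) {
      return labels.length > n ? labels.slice(-(n + 1)).join(".") : suffix;
    }
  }
  // Unknown suffix: fall back to the last two labels.
  return labels.slice(-2).join(".");
}

// Classify one link. Returns the host, its registrable domain and a list of
// findings; an empty list means nothing about the hostname looked deceptive.
function assessLink(url) {
  let host;
  try {
    host = new URL(url).hostname;
  } catch (err) {
    return { host: null, registrableDomain: null, findings: ["not a parseable URL"] };
  }
  const findings = [];
  if (/^[\d.]+$/.test(host)) {
    findings.push("bare IP address instead of a hostname");
  }
  const reg = registrableDomain(host);
  const regLabel = reg.split(".")[0];
  // Everything left of the registrable domain is attacker-controlled text.
  const subdomain = host.length > reg.length ? host.slice(0, host.length - reg.length - 1) : "";
  for (const brand of WATCHED_BRANDS) {
    if (subdomain.includes(brand) && !regLabel.includes(brand)) {
      findings.push(`'${brand}' appears only as a subdomain of unrelated domain ${reg}`);
    } else if (regLabel.includes(brand) && regLabel !== brand) {
      findings.push(`registrable domain ${reg} is a lookalike built around '${brand}'`);
    }
  }
  return { host, registrableDomain: reg, findings };
}

// The [edited] links quoted in the post above.
const SAMPLE_LINKS = [
  "http://www7.abbey.co.uk/servlet?host=",
  "http://obj5.nwolb6.com/customerupdate?poolid=",
  "http://www2.abbey.com.shell54.com/servlet",
  "http://sys6.natwestbusiness2.com/customerupdate?refid=",
];

function triage(urls) {
  return urls.map(assessLink);
}

// Stand-alone run: print one line per link.
for (const r of triage(SAMPLE_LINKS)) {
  const verdict = r.findings.length ? r.findings.join("; ") : "nothing suspicious in the hostname";
  console.log(`${r.host} -> ${r.registrableDomain}: ${verdict}`);
}
```

The check is deliberately about the hostname alone: it flags the shell54.com link because "abbey" is only a subdomain there, and the nwolb6 and natwestbusiness2 links because the registrable label merely contains the brand. It says nothing about what the servlet on the far end does, which is why a link scanner that only follows the URL and gets a 404 (as the post describes) learns less than a reader who looks at the domain.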

AdSense and privacy

We all know that Google uses its ads to help it to profile web users.

Someone must have been getting upset about that, or perhaps it is because of Google's acquisitions, because now all publishers of AdSense must have a privacy statement which details the tracking done by the scripts which display the ads.

@Well VirginMedia...

To test if it is your ISP or your computer, download Firefox, Safari and SeaMonkey.

Visit a few of your usual sites and then check cookies.

As it is unlikely that SeaMonkey or Safari will be in the 'approved list of browsers' to be hijacked, you may notice a difference.

If necessary, play with the SeaMonkey security setting until the cookie stops coming back. Remember to close the browser between tests: you may need a reboot if the worm is living in memory.

Let us know your results; everyone needs something real to start working on. I personally like the idea of installing on every page of my site the tripwire offered at

http://www.cs.washington.edu/research/security/web-tripwire.html

Time for all webmasters to have a way of warning our visitors that they have a problem. And pointing out that users do not have the right to access the site if their ISP is harvesting the content for financial gain. A good, legal, terms of use statement sounds in order.